Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 01:31

General

  • Target

    eed0ffd9b9cda03fec99477db1c86c5b_JaffaCakes118.dll

  • Size

    4.9MB

  • MD5

    eed0ffd9b9cda03fec99477db1c86c5b

  • SHA1

    64b411590a05a21cd24caf2205c6a9f80051948f

  • SHA256

    073c2866f9495a3ae8edb03e25acac783faf86e5953679fef3cf46708a0e139d

  • SHA512

    7352ea4c9c3ada7e24fb0df8d893fba038307864c0f49a74ad14dce56f5c08193d89109bd2aafd5393e088863148189bb024071ebe7d764c6376e72fa29b76f7

  • SSDEEP

    6144:IS44io4Ukuqb0WFGtBFgN/1aAgrr8gFpojB:1Qo4UkuqAW04Qrr8gFq

Score
10/10

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eed0ffd9b9cda03fec99477db1c86c5b_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\eed0ffd9b9cda03fec99477db1c86c5b_JaffaCakes118.dll,#1
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\bniasdo.dll

    Filesize

    6.5MB

    MD5

    13f4c94c6d448e0f20456bfcd39389b3

    SHA1

    530756c8cb0193a8bc5bfb59e53c518693e6e286

    SHA256

    c328da73659c19d71dad21684a34ffd99fb8c9e42b53539821008ce41e7078ec

    SHA512

    81f19cda55dcf3bb27b435aceb2ffa0f51b588c4b914ced346bdf44a31e6ab57a0bbcabd5e3f204e21c64eb8698f851a335d3183f8b59df3054ccdf0f5db762a

  • memory/2292-0-0x0000000000130000-0x000000000016B000-memory.dmp

    Filesize

    236KB

  • memory/2292-2-0x00000000001B0000-0x0000000000205000-memory.dmp

    Filesize

    340KB

  • memory/2292-8-0x0000000000210000-0x0000000000217000-memory.dmp

    Filesize

    28KB

  • memory/2292-9-0x0000000000210000-0x0000000000217000-memory.dmp

    Filesize

    28KB

  • memory/2292-19-0x0000000000260000-0x000000000029B000-memory.dmp

    Filesize

    236KB

  • memory/2292-21-0x00000000002A0000-0x00000000002F5000-memory.dmp

    Filesize

    340KB

  • memory/2292-28-0x0000000000300000-0x0000000000307000-memory.dmp

    Filesize

    28KB

  • memory/2292-22-0x00000000002A0000-0x00000000002F5000-memory.dmp

    Filesize

    340KB

  • memory/2292-34-0x0000000000130000-0x000000000016B000-memory.dmp

    Filesize

    236KB

  • memory/2292-35-0x0000000000260000-0x000000000029B000-memory.dmp

    Filesize

    236KB